When Wifi was first implemented, there was a concept of “Open” networks, these had no authentication or encryption. We still have Open networks at hotels because they can be made to use a captive portal, however Enhanced Open is new, let’s get to the blog post…
Open
Open Wifi made Wifi easy to implement, since Ethernet has no authentication or encryption it just works. However, Open Wifi is a huge security risk because anyone can connect to it, and anyone can see the data on the wireless network because it’s not encrypted.
Open Wifi can be connected to a captive portal website where you can log into an account and gain access to the Internet. The big push for people to use secure web and secure email systems has mitigated the problem that open networks have no encryption.
WEP
WEP or Wired Equivalent Privacy was designed to authenticate people who knew the code on the Wifi router. It is just like having a key you can give to everyone and it fits the lock. The problem is that the key is used for all transactions and any hacker listening to the traffic can break the WEP code in 1-2 minutes and read the data or connect to the network and sniff traffic that way.
WPA
WPA was the big change, WPA or Wireless Protected Access added encryption to the mix.
WPA is available in two forms, WPA-PSK (also called WPA Personal) and WPA Enterprise.
WPA-PSK or Pre Shared Key is where a wireless key is given out to each user on the network, which is used to encrypt the data across the wireless network
Early WPA came with the option of TKIP or Temporal Key Integrity Protocol, which was okay but used a weak form of encryption that allowed each computer to see the data from another. This lead to AES or Advanced Encryption Standard which is a much more secure encryption.
Enterprise networks could use WPA to secure their users on a network. A RADIUS server is used to authenticate the user, and the router gives the user a unique key for the session. Since each user gets their own key, the chances that a hacker can gain access to the network is minimised.
However, WPA has some security vulnerabilities which lead to WPA2 and WPA3. WPA2 and WPA3 Enterprise offer stronger encryption methods than the Personal version.
Enhanced Open
Wifi 6 and below support Open, WEP, WPA, WPA2 and WPA3.
Enhanced Open is the new system designed for Wifi 6E and above and uses OWE or Opportunistic Wireless Encryption, which works the same way to authenticate the user via the Captive Portal, then shares the public keys between the router and device before using that to encrypt the data across the wireless network.
Wifi 6E only uses WPA3 and Enhanced Open (sold as OWE) when using the 6GHz band, but will use the older authentication methods for 5GHz and 2.4GHz bands. Wifi 7 (when it is released) will only support WPA3 and OWE.
Conclusion
The new standards are backwards compatible with older wireless adapters but the new 6GHz band is only available to the Wifi 6E and 7 routers and wireless adapters. So in order to use this new band, you must either use WPA3 or OWE.